diff options
| author | Tomás Touceda <chiiph@leap.se> | 2013-06-24 13:00:30 -0300 |
|---|---|---|
| committer | Tomás Touceda <chiiph@leap.se> | 2013-06-24 13:00:30 -0300 |
| commit | 862526f4c877cfb546352115a5b76cc09e981c16 (patch) | |
| tree | 46deff7c81a8ad4d288bce650daffefb15b71080 | |
| parent | 8bd02bcdcbcc2ff351585e67a87c7b54090759cb (diff) | |
| parent | 6873b5b5ef4d1e4af44fe41a52f402d3d9a16d5c (diff) | |
Merge remote-tracking branch 'kali/feature/2925_osx-use-cocoasudo' into develop
| -rw-r--r-- | changes/feature_2925_osx-use-cocoasudo | 1 | ||||
| -rw-r--r-- | data/images/leap-client.tiff | bin | 0 -> 3598 bytes | |||
| -rw-r--r-- | src/leap/services/eip/vpnlaunchers.py | 33 |
3 files changed, 24 insertions, 10 deletions
diff --git a/changes/feature_2925_osx-use-cocoasudo b/changes/feature_2925_osx-use-cocoasudo new file mode 100644 index 00000000..b87a8de1 --- /dev/null +++ b/changes/feature_2925_osx-use-cocoasudo @@ -0,0 +1 @@ + o Use cocoasudo in place of osascript for osx privilege escalation during openvpn launch. diff --git a/data/images/leap-client.tiff b/data/images/leap-client.tiff Binary files differnew file mode 100644 index 00000000..71c95b0d --- /dev/null +++ b/data/images/leap-client.tiff diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py index 56df0b1c..570a7893 100644 --- a/src/leap/services/eip/vpnlaunchers.py +++ b/src/leap/services/eip/vpnlaunchers.py @@ -458,12 +458,12 @@ class DarwinVPNLauncher(VPNLauncher): VPN launcher for the Darwin Platform """ - OSASCRIPT_BIN = '/usr/bin/osascript' - OSX_ASADMIN = "do shell script \"%s\" with administrator privileges" + COCOASUDO = "cocoasudo" + # XXX need magic translate for this string + SUDO_MSG = ("LEAP needs administrative privileges to run " + "Encrypted Internet.") INSTALL_PATH = "/Applications/LEAP\ Client.app" - # OPENVPN_BIN = "/%s/Contents/Resources/openvpn.leap" % ( - # self.INSTALL_PATH,) OPENVPN_BIN = 'openvpn.leap' OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,) @@ -481,9 +481,25 @@ class DarwinVPNLauncher(VPNLauncher): """ to = kls.OPENVPN_PATH cmd = "#!/bin/sh\nmkdir -p %s\ncp \"%s/\"* %s" % (to, frompath, to) - #return kls.OSX_ASADMIN % cmd return cmd + def get_cocoasudo_cmd(self): + """ + Returns a string with the cocoasudo command needed to run openvpn + as admin with a nice password prompt. The actual command needs to be + appended. + + :rtype: (str, list) + """ + iconpath = os.path.abspath(os.path.join( + os.getcwd(), + "../../../Resources/leap-client.tiff")) + has_icon = os.path.isfile(iconpath) + args = ["--icon=%s" % iconpath] if has_icon else [] + args.append("--prompt=%s" % (self.SUDO_MSG,)) + + return self.COCOASUDO, args + def get_vpn_command(self, eipconfig=None, providerconfig=None, socket_host=None, socket_port="unix"): """ @@ -597,11 +613,8 @@ class DarwinVPNLauncher(VPNLauncher): '--ca', providerconfig.get_ca_cert_path() ] - # We are using osascript until we can write a proper wrapper - # for privilege escalation. - - command = self.OSASCRIPT_BIN - cmd_args = ["-e", self.OSX_ASADMIN % (' '.join(args),)] + command, cargs = self.get_cocoasudo_cmd() + cmd_args = cargs + args logger.debug("Running VPN with command:") logger.debug("%s %s" % (command, " ".join(cmd_args))) |